1. Field of the Invention
The invention relates to security devices for protecting sensitive data from inappropriate access by I/O devices. More specifically, the invention relates to a cache for a NoDMA table that tracks the segments of memory that contain sensitive data.
2. Background
Financial and personal transactions are being performed on computing devices at an increasing rate. However, the continual growth in the number of such financial transactions has also led to increased attacks on the computer systems supporting these transactions and a corresponding need for security-enhanced (SE) environments to prevent unauthorized access to or loss of sensitive data. Loss of, or unauthorized access to, sensitive data (e.g., social security numbers, account numbers, financial data, account balances, passwords, authorization keys, etc.) results in a loss of privacy, theft of private financial data and similar malicious actions.
One technique used to attempt to access protected data is to issue memory access requests from peripheral devices through the direct memory access (DMA) controller. A DMA controller allows peripheral devices such as network cards to read and write to system memory with minimal usage of the central processing unit. Memory access requests from I/O devices can circumvent the security measures provided by an operating system. This may be achieved by requesting access to segments of memory that contain sensitive information and that lie outside the segment of system memory designated for use by the peripheral device.
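The check that a NoDMA table makes possible can be sketched as follows. This is an added example, not code from the patent: the one-bit-per-4-KiB-page layout, the 4 MiB memory size and the names `nodma_table`, `nodma_mark` and `dma_request_allowed` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not from the patent text): one bit per 4 KiB page;
 * a set bit means the page holds sensitive data and is closed to DMA. */
#define PAGE_SHIFT 12
#define NUM_PAGES  1024u                       /* constructed 4 MiB memory */
#define MEM_LIMIT  ((uint64_t)NUM_PAGES << PAGE_SHIFT)

static uint8_t nodma_table[NUM_PAGES / 8];

/* Mark one page as sensitive; returns false if the page is not tracked. */
static bool nodma_mark(uint32_t page)
{
    if (page >= NUM_PAGES)
        return false;
    nodma_table[page / 8] |= (uint8_t)(1u << (page % 8));
    return true;
}

/* Allow a device request for [addr, addr+len) only if no page it touches
 * is marked. Empty, wrapping and out-of-range requests are refused. */
static bool dma_request_allowed(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr + len < addr || addr + len > MEM_LIMIT)
        return false;
    uint64_t first = addr >> PAGE_SHIFT;
    uint64_t last  = (addr + len - 1) >> PAGE_SHIFT;
    /* Check every page in the span, not only the one the request starts in. */
    for (uint64_t p = first; p <= last; p++)
        if ((nodma_table[p / 8] >> (p % 8)) & 1u)
            return false;
    return true;
}

int main(void)
{
    nodma_mark(5);   /* constructed: page 5 (0x5000-0x5FFF) holds key material */
    printf("buffer in page 4:         %d\n", dma_request_allowed(0x4000, 0x1000));
    printf("spills from 4 into 5:     %d\n", dma_request_allowed(0x4F00, 0x200));
    printf("length wraps the address: %d\n", dma_request_allowed(UINT64_MAX - 4, 16));
    return 0;
}
```

A request is judged by every page it spans, so a transfer that begins in an unprotected buffer and runs into a marked page is refused as a whole.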